
Federation eduroam and InCommon

Steve Devoti – Senior IT Architect, UW-Madison. 10/25/2010.


Presentation Transcript


  1. Federation: eduroam and InCommon
     Steve Devoti – Senior IT Architect, UW-Madison
     10/25/2010

  2. What is eduroam?

  3. How does it work?
     [Diagram: RADIUS server hierarchy]
     • Confederation: RADIUS.root
     • Federation (NREN): RADIUS.au, U.S. RADIUS, RADIUS.de, RADIUS.lu
     • Institution: RADIUS.wisc.edu, RADIUS.utk.edu
     • Example user: meriwether@utk.edu

  4. Why eduroam?
     • People have a need for federated network access
     • There are no good alternatives (e.g. SAML would be problematic)
     • eduroam is a proven solution with thousands of institutions participating

  5. What’s required?
     • For IT
       • 802.1x capable infrastructure
       • RADIUS capable of sending and receiving requests to/from eduroam servers
       • Join
     • For the user
       • 802.1x supplicant for the device they wish to connect
       • A little training. Users must use an ID scoped with their realm (e.g. devoti@wisc.edu) and know how to set up their device
     • More info: www.eduroam.org

  6. Where are we at?
     • 9 U.S. institutions are active
     • 4 in beta, 9 in progress, 60 have expressed interest
     • CIC institutions are poised to adopt eduroam
     • UW-Madison, LSU, U of Illinois, Case Western, U Tenn-Knoxville, U Texas System, Cornell are working with InCommon
     • University of Illinois ready for rollout
     • UW-Madison is putting up a new RADIUS infrastructure

  7. Potential Policy Issues
     • Allow eduroam authenticated users full access to the network, or restrict to a subnet
     • Bandwidth or port restrictions
     • Our user violates visited-institution policy
     • Visitor violates our policy
     • Will need some way to notify visitors of any AUP, etc.
     • Lifetime ban, etc.

  8. InCommon
     • A federation supporting access to shared resources in support of education and research
     • Provides a technical trust fabric, policies and standards (e.g. attribute transfer)
     • Mostly used to allow access to web resources
     • Based on SAML2 (Security Assertion Markup Language) and Shibboleth
     • Basic membership provides low LOA
     • More info: http://www.incommon.org/

  9. InCommon Silver
     • Designed to provide service providers with a higher LOA, roughly equivalent to NIST Level 2
     • Potential service providers include NSF, NIH, National Student Clearinghouse
     • More info: http://www.incommonfederation.org/assurance/

  10. Where are we at?
      • CIC institutions are working together and have a goal of Fall 2011 for certification
      • UW-Madison has an active project
      • Improvements to identity proofing
      • Documentation of policy and procedures
      • Some technical work

  11. Potential Policy Issues
      • Use of Institutional Access Control Services
      • Depending on the audit, higher compliance may be required
      • Password policy
      • Account Management Policy
      • Protecting credentials, reporting violations, etc.

  12. uApprove
      • More info: http://www.switch.ch/aai/support/tools/uApprove.html

  13. Potential Policy Issues
      • Implement for all services or only those available to students
      • Default attribute release policy
      • No access without acceptance

  14. Any thoughts?
      • I’d like to hear what you think about the policy implications of federation services:
        Steve Devoti, Senior IT Architect
        devoti@wisc.edu
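
Added example (not part of the presentation): a Python sketch of the realm-based proxying drawn on slide 3, including the check that an ID is scoped with a realm as slide 5 requires. The server labels come from the slide; the TLD-to-federation mapping, the member table and the `example.de` institution are assumptions constructed for illustration.

```python
# Labels below are taken from slide 3; they are not real hostnames.
ROOT = "RADIUS.root"
# Assumption: each federation server is selected by the realm's top-level domain.
FEDERATIONS = {"au": "RADIUS.au", "de": "RADIUS.de", "lu": "RADIUS.lu",
               "edu": "U.S. RADIUS"}
# Member institutions; example.de is constructed to show a cross-federation hop.
INSTITUTIONS = {"wisc.edu": "RADIUS.wisc.edu", "utk.edu": "RADIUS.utk.edu",
                "example.de": "RADIUS.example.de"}


def split_identity(identity):
    """Return (user, realm); reject IDs that are not scoped with a realm."""
    user, sep, realm = identity.strip().rpartition("@")
    labels = realm.lower().split(".")
    if not sep or not user or len(labels) < 2 or not all(labels):
        raise ValueError(f"{identity!r} is not scoped with a usable realm")
    return user, ".".join(labels)


def proxy_path(identity, visited_realm):
    """List the servers a request crosses, visited institution first."""
    _, realm = split_identity(identity)
    path = [INSTITUTIONS[visited_realm]]
    if realm == visited_realm:
        return path  # local user: answered on site, nothing is proxied
    visited_fed = FEDERATIONS[visited_realm.rsplit(".", 1)[1]]
    home_fed = FEDERATIONS.get(realm.rsplit(".", 1)[1])
    path.append(visited_fed)
    if home_fed is None:
        raise LookupError(f"no federation serves realm {realm!r}")
    if home_fed != visited_fed:
        path += [ROOT, home_fed]  # cross the confederation root
    if realm not in INSTITUTIONS:
        raise LookupError(f"{realm!r} is not a member of {home_fed}")
    path.append(INSTITUTIONS[realm])
    return path


if __name__ == "__main__":
    for ident, site in [("meriwether@utk.edu", "wisc.edu"),
                        ("devoti@wisc.edu", "example.de"),
                        ("devoti", "wisc.edu")]:
        try:
            print(ident, "at", site, "->", " > ".join(proxy_path(ident, site)))
        except (ValueError, LookupError) as err:
            print(ident, "at", site, "-> rejected:", err)
```

An ID without a realm is rejected before any proxying, since the visited institution would have nowhere to route it.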
